1 /*
2  * Copyright (c) 2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
#include "ipsec_vpn_ctl.h"

#include <filesystem>
#include <string>
#include <system_error>

#include "base64_utils.h"
#include "netmgr_ext_log_wrapper.h"
#include "netmanager_base_common_utils.h"
#include "net_manager_ext_constants.h"
24 
25 namespace OHOS {
26 namespace NetManagerStandard {
// Constructs the IPsec VPN controller.
// All four arguments are forwarded unchanged to the NetVpnImpl base; this
// constructor initialises no IPsec-specific state of its own.
IpsecVpnCtl::IpsecVpnCtl(sptr<VpnConfig> config, const std::string &pkg, int32_t userId,
                         std::vector<int32_t> &activeUserIds)
    : NetVpnImpl(config, pkg, userId, activeUserIds)
{
}
31 
// Destructor: emits a trace line and nothing else.
// It does not call StopSysVpn() or CleanTempFiles(), so a configuration file
// written by InitConfigFile() is not removed here.
IpsecVpnCtl::~IpsecVpnCtl()
{
    NETMGR_EXT_LOG_I("~IpsecVpnCtl");
}
36 
// Reports whether this controller is a system VPN.
// Returns true unconditionally.
bool IpsecVpnCtl::IsSystemVpn()
{
    constexpr bool isSystemVpn = true;
    return isSystemVpn;
}
41 
// Brings the VPN up by delegating to StartSysVpn().
// Returns whatever StartSysVpn() returns.
int32_t IpsecVpnCtl::SetUp()
{
    const int32_t startResult = StartSysVpn();
    return startResult;
}
46 
// Tears the VPN down by delegating to StopSysVpn().
// Returns whatever StopSysVpn() returns.
int32_t IpsecVpnCtl::Destroy()
{
    const int32_t stopResult = StopSysVpn();
    return stopResult;
}
51 
// Stops the IPsec VPN.
// Sequence: mark the state machine disconnected, request the DOWN_HOME stage,
// request the STOP stage, then notify listeners of the disconnect.
// Returns NETMANAGER_EXT_SUCCESS unconditionally.
int32_t IpsecVpnCtl::StopSysVpn()
{
    NETMGR_EXT_LOG_I("stop ipsec vpn");

    // The state is flipped before the stage requests are issued, so a stage
    // report arriving afterwards is rejected by NotifyConnectStage()'s default branch.
    state_ = IpsecVpnStateCode::STATE_DISCONNECTED;

    // NOTE(review): the result of each ProcessVpnStage() call is discarded, so a
    // failed teardown is still reported as success and as VPN_DISCONNECTED - confirm
    // this best-effort behaviour is intended.
    // NOTE(review): nothing here calls CleanTempFiles(); the file written by
    // InitConfigFile() stays on disk until the next start - confirm that is acceptable.
    NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_DOWN_HOME);
    NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_STOP);

    NotifyConnectState(VpnConnectState::VPN_DISCONNECTED);
    return NETMANAGER_EXT_SUCCESS;
}
61 
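// Starts the IPsec VPN.
// Resets the state machine to STATE_INIT, rewrites the configuration file via
// InitConfigFile(), then requests the RESTART stage.
// Returns NETMANAGER_EXT_SUCCESS once the restart has been requested, or the
// error returned by InitConfigFile() when the configuration could not be prepared.
int32_t IpsecVpnCtl::StartSysVpn()
{
    NETMGR_EXT_LOG_I("start ipsec vpn");
    state_ = IpsecVpnStateCode::STATE_INIT;

    // InitConfigFile() deletes the previous configuration before writing the new
    // one. If it fails, do not restart the daemon: it would come up without the
    // configuration the caller asked for while this function reported success.
    const int32_t initResult = InitConfigFile();
    if (initResult != NETMANAGER_EXT_SUCCESS) {
        NETMGR_EXT_LOG_E("init ipsec vpn config file failed, result: %{public}d", initResult);
        return initResult;
    }

    // NOTE(review): the result of ProcessVpnStage() is discarded here, as in
    // StopSysVpn(); progress is reported later through NotifyConnectStage().
    NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_RESTART);
    return NETMANAGER_EXT_SUCCESS;
}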
70 
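// Prepares the strongSwan configuration file for a new connection.
// Removes the temporary files of any previous session, then Base64-decodes
// ipsecVpnConfig_->strongswanConf_ and writes the result to SWAN_CONFIG_FILE.
// Returns:
//   NETMANAGER_EXT_SUCCESS      - no strongswan config was supplied, or it was decoded and
//                                 passed to WriteFile
//   NETMANAGER_EXT_ERR_INTERNAL - ipsecVpnConfig_ is null, or a non-empty strongswanConf_
//                                 decoded to nothing
int32_t IpsecVpnCtl::InitConfigFile()
{
    // Always start from a clean slate so a stale file cannot be picked up.
    CleanTempFiles();

    if (ipsecVpnConfig_ == nullptr) {
        NETMGR_EXT_LOG_E("InitConfigFile ipsecVpnConfig is null");
        return NETMANAGER_EXT_ERR_INTERNAL;
    }
    if (ipsecVpnConfig_->strongswanConf_.empty()) {
        // Nothing supplied: leave SWAN_CONFIG_FILE absent.
        return NETMANAGER_EXT_SUCCESS;
    }

    std::string strongswanCfg = Base64::Decode(ipsecVpnConfig_->strongswanConf_);
    if (strongswanCfg.empty()) {
        // A non-empty input that decodes to nothing is treated as malformed; fail
        // instead of silently continuing without the requested configuration.
        // The payload itself is deliberately not logged.
        NETMGR_EXT_LOG_E("InitConfigFile decode strongswan config failed");
        return NETMANAGER_EXT_ERR_INTERNAL;
    }

    // NOTE(review): the decoded text is caller-supplied and is written verbatim to the
    // file the daemon reads; no content validation happens in this function.
    // NOTE(review): WriteFile()'s result is not checked because its return type is not
    // visible from this file - confirm and propagate a write failure if it reports one.
    CommonUtils::WriteFile(SWAN_CONFIG_FILE, strongswanCfg);
    return NETMANAGER_EXT_SUCCESS;
}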
86 
// Removes the per-session configuration files left by an earlier run.
// Each path is handled independently by DeleteTempFile(), so a failure on one
// does not stop the others from being attempted.
void IpsecVpnCtl::CleanTempFiles()
{
    DeleteTempFile(SWAN_CONFIG_FILE);  // strongSwan configuration written by InitConfigFile()
    DeleteTempFile(L2TP_CFG);
    DeleteTempFile(L2TP_IPSEC_CFG);
}
93 
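// Deletes a single temporary file if it is present.
// fileName: path of the file to remove.
// A missing file is not an error; any other failure is logged and otherwise ignored.
void IpsecVpnCtl::DeleteTempFile(const std::string &fileName)
{
    // Use the error_code overload: the throwing overloads of exists()/remove() raise
    // std::filesystem::filesystem_error on an OS-level failure, which nothing here catches.
    // A single remove() call also closes the window between a separate existence check
    // and the delete; it returns false with a cleared error code when the file is absent.
    std::error_code ec;
    std::filesystem::remove(fileName, ec);
    if (ec) {
        NETMGR_EXT_LOG_E("remove old cache file failed, error: %{public}d", ec.value());
    }
}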
102 
// Advances the connection state machine when a stage of the setup completes.
// stage:  tag naming the stage that finished; must not be empty.
// result: outcome of that stage; anything other than NETMANAGER_EXT_SUCCESS aborts.
// Transitions (each one only fires when the tag matches the current state):
//   STATE_INIT     + IPSEC_START_TAG   -> STATE_STARTED,   requests VPN_STAGE_SWANCTL_LOAD
//   STATE_STARTED  + SWANCTL_START_TAG -> STATE_CONFIGED,  requests VPN_STAGE_UP_HOME
//   STATE_CONFIGED + IPSEC_CONNECT_TAG -> STATE_CONNECTED, notifies VPN_CONNECTED
// A tag that does not match the current state is ignored and still yields
// NETMANAGER_EXT_SUCCESS. Any state without a case below is rejected with
// NETMANAGER_EXT_ERR_INTERNAL.
// Returns NETMANAGER_EXT_ERR_PARAMETER_ERROR for an empty stage and
// NETMANAGER_EXT_ERR_INTERNAL for a failed stage or an unexpected state.
int32_t IpsecVpnCtl::NotifyConnectStage(const std::string &stage, const int32_t &result)
{
    if (stage.empty()) {
        NETMGR_EXT_LOG_E("stage is empty");
        return NETMANAGER_EXT_ERR_PARAMETER_ERROR;
    }
    if (result != NETMANAGER_EXT_SUCCESS) {
        // NOTE(review): the stage text is logged with the public specifier - confirm it
        // can never carry configuration or credential material.
        // NOTE(review): state_ is left unchanged on this path - confirm callers tear the
        // session down themselves after a failed stage.
        NETMGR_EXT_LOG_E("vpn stage: %{public}s failed, result: %{public}d", stage.c_str(), result);
        return NETMANAGER_EXT_ERR_INTERNAL;
    }

    switch (state_) {
        case IpsecVpnStateCode::STATE_INIT: {
            if (stage.compare(IPSEC_START_TAG) != 0) {
                break;
            }
            // 1. start strongswan
            NETMGR_EXT_LOG_I("ipsec vpn setup step 1: start strongswan");
            state_ = IpsecVpnStateCode::STATE_STARTED;
            NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_SWANCTL_LOAD);
            break;
        }
        case IpsecVpnStateCode::STATE_STARTED: {
            if (stage.compare(SWANCTL_START_TAG) != 0) {
                break;
            }
            // 2. start connect
            NETMGR_EXT_LOG_I("ipsec vpn setup step 2: start connect");
            state_ = IpsecVpnStateCode::STATE_CONFIGED;
            NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_UP_HOME);
            break;
        }
        case IpsecVpnStateCode::STATE_CONFIGED: {
            if (stage.compare(IPSEC_CONNECT_TAG) != 0) {
                break;
            }
            // 3. is connected
            NETMGR_EXT_LOG_I("ipsec vpn setup step 3: is connected");
            state_ = IpsecVpnStateCode::STATE_CONNECTED;
            NotifyConnectState(VpnConnectState::VPN_CONNECTED);
            break;
        }
        default:
            NETMGR_EXT_LOG_E("invalid state: %{public}d", state_);
            return NETMANAGER_EXT_ERR_INTERNAL;
    }
    return NETMANAGER_EXT_SUCCESS;
}
144 
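// Looks up one certificate-related value from the active IPsec configuration.
// certType: selector, one of the IpsecVpnCertType values handled below.
// certUri:  output; written only on success and left unmodified on any error return.
//           For SWAN_CTL_CONF it receives the Base64-decoded swanctl configuration
//           text rather than a URI.
// Returns:
//   NETMANAGER_EXT_SUCCESS             - certUri was filled in
//   NETMANAGER_EXT_ERR_INTERNAL        - ipsecVpnConfig_ is null
//   NETMANAGER_EXT_ERR_PARAMETER_ERROR - certType is not a recognised selector
int32_t IpsecVpnCtl::GetSysVpnCertUri(const int32_t certType, std::string &certUri)
{
    if (ipsecVpnConfig_ == nullptr) {
        NETMGR_EXT_LOG_E("GetSysVpnCertUri ipsecVpnConfig is null");
        return NETMANAGER_EXT_ERR_INTERNAL;
    }
    switch (certType) {
        case IpsecVpnCertType::CA_CERT:
            certUri = ipsecVpnConfig_->ipsecCaCertConf_;
            break;
        case IpsecVpnCertType::USER_CERT:
            certUri = ipsecVpnConfig_->ipsecPublicUserCertConf_;
            break;
        case IpsecVpnCertType::SERVER_CERT:
            certUri = ipsecVpnConfig_->ipsecPublicServerCertConf_;
            break;
        case IpsecVpnCertType::SWAN_CTL_CONF:
            // The decoded configuration is handed back to the caller and never logged.
            // NOTE(review): an empty result here may mean the stored value failed to
            // decode - confirm how callers treat an empty string.
            certUri = Base64::Decode(ipsecVpnConfig_->swanctlConf_);
            break;
        default:
            // Report the bad selector to the caller: returning success here would
            // leave them with whatever certUri held before the call.
            NETMGR_EXT_LOG_E("invalid certType: %{public}d", certType);
            return NETMANAGER_EXT_ERR_PARAMETER_ERROR;
    }
    return NETMANAGER_EXT_SUCCESS;
}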
170 
// Hands out the configuration of the currently connected VPN.
// sysVpnConfig: output; assigned ipsecVpnConfig_ only while the state machine is in
//               STATE_CONNECTED and a configuration is present, otherwise left untouched.
// Returns NETMANAGER_EXT_SUCCESS in every case, so callers must inspect sysVpnConfig
// to learn whether a connected configuration was actually provided.
// NOTE(review): the whole configuration object is shared, including the strongswanConf_
// and swanctlConf_ fields this file reads from it - confirm the caller is authorised
// before this point.
int32_t IpsecVpnCtl::GetConnectedSysVpnConfig(sptr<SysVpnConfig> &sysVpnConfig)
{
    if (state_ != IpsecVpnStateCode::STATE_CONNECTED || ipsecVpnConfig_ == nullptr) {
        return NETMANAGER_EXT_SUCCESS;
    }
    NETMGR_EXT_LOG_I("GetConnectedSysVpnConfig success");
    sysVpnConfig = ipsecVpnConfig_;
    return NETMANAGER_EXT_SUCCESS;
}
179 
// Reports whether this controller is an internal VPN.
// Returns true unconditionally.
bool IpsecVpnCtl::IsInternalVpn()
{
    constexpr bool isInternalVpn = true;
    return isInternalVpn;
}
184 } // namespace NetManagerStandard
185 } // namespace OHOS